Data is wealth and this is indisputable. The one that owns the data may perform data analytics, understand the domain and the existing problems, propose solutions, even generate innovation. This is the reason why data ownership is so important and data owners have been reluctant in sharing their data. However, the last decade, cloud infrastructure solutions that enable collaborative data processing are increasingly adopted in research and industry, allowing data owners to make their datasets available for computation without directly exposing them, thus preserving confidentiality and acknowledging ownership, while harnessing the power of collaborative analytics and comparative analysis. Obviously, this paradigm introduces new challenges: protecting sensitive data from potentially malicious code, ensuring code execution integrity, and securing the underlying infrastructure. Existing approaches only partially address these issues. Some approaches focus on protecting the execution environment, others rely on pre-attested code—limiting exploratory research—and some adopt confidential computing techniques that shield data but assume both code and data are inherently trustworthy. In this conceptual work, we examine a more open and collaborative cloud infrastructure that executes unattested code directly on private data without requiring pre-approval. To address the resulting security and privacy challenges, we propose a Defense-in-Depth architecture that integrates static code analysis, dynamic behavioral monitoring, and container-based sandboxing. Our architecture aims to secure the execution environment, preserve data confidentiality, and ensure computational integrity—even in multi-tenant settings where neither code or data can be trusted. This work lays the foundation for secure, privacy-preserving, and flexible collaborative cloud systems.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Towards a Defense-in-Depth Approach for Securing Collaborative Cloud Infrastructures

  • Dimosthenis Natsos,
  • Andreas L. Symeonidis

摘要

Data is wealth and this is indisputable. The one that owns the data may perform data analytics, understand the domain and the existing problems, propose solutions, even generate innovation. This is the reason why data ownership is so important and data owners have been reluctant in sharing their data. However, the last decade, cloud infrastructure solutions that enable collaborative data processing are increasingly adopted in research and industry, allowing data owners to make their datasets available for computation without directly exposing them, thus preserving confidentiality and acknowledging ownership, while harnessing the power of collaborative analytics and comparative analysis. Obviously, this paradigm introduces new challenges: protecting sensitive data from potentially malicious code, ensuring code execution integrity, and securing the underlying infrastructure. Existing approaches only partially address these issues. Some approaches focus on protecting the execution environment, others rely on pre-attested code—limiting exploratory research—and some adopt confidential computing techniques that shield data but assume both code and data are inherently trustworthy. In this conceptual work, we examine a more open and collaborative cloud infrastructure that executes unattested code directly on private data without requiring pre-approval. To address the resulting security and privacy challenges, we propose a Defense-in-Depth architecture that integrates static code analysis, dynamic behavioral monitoring, and container-based sandboxing. Our architecture aims to secure the execution environment, preserve data confidentiality, and ensure computational integrity—even in multi-tenant settings where neither code or data can be trusted. This work lays the foundation for secure, privacy-preserving, and flexible collaborative cloud systems.